CVEbaza.plSłownik CWECWE-446
Common Weakness Enumeration

CWE-446

UI Discrepancy for Security Feature

Kategoria: ClassCVE: 3
Opis

Interfejs użytkownika nie włącza ani nie konfiguruje prawidłowo funkcji bezpieczeństwa, ale dostarcza informacje zwrotne, które skłaniają użytkownika do przekonania, że funkcja jest w stanie bezpiecznym. Ta rozbieżność między rzeczywistym stanem zabezpieczeń a komunikatem interfejsu może prowadzić do fałszywego poczucia bezpieczeństwa.

Description (EN)

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

Podatności CVE z CWE-446 (3)
8.6
CVSS
HIGH
CVE-2025-52983

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.

pub. 2025-07-11
5.9
CVSS
MEDIUM
CVE-2025-8353

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.

pub. 2025-07-30
3.7
CVSS
LOW
CVE-2023-1768

Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.

pub. 2023-04-04
Informacje
ID: CWE-446
Typ: Class
Podatności: 3
MITRE CWE ↗
← Słownik CWE
CWE-446 — Rozbieżność interfejsu użytkownika dla funkcji bezpieczeństwa | Słownik CWE | CVEbaza.pl